AMENDMENTS IN THE CLAIMS:

This listing of claims will replace all prior versions, and listings, of claims in the application: 
LISTING OF THE CLAIMS: 

1. (Currently amended) A method of responding to the detection of an intrusion on a network 
system that provides network services, the network system including one or more attached 
functions and a plurality of interconnection devices, the method comprising the steps of: 

a. establishing signal transfer policies for each of a plurality of interconnection 
devices of the network system; 

b. monitoring the network system for intrusions; 

c. excluding from at least one of the plurality of interconnection devices a policy 
enforcement module [[common agent framework]] for effecting its own signal 
transfer policy changes; and 

d. upon detection of one or more intrusions of the network, selectively changing one 
or more signal transfer policies of one or more of the plurality of interconnection 
devices in response to the one or more detected intrusions. 

2. (Previously presented) The method as claimed in Claim 1 further comprising the step of 
identifying one or more sources of the intrusions, including the step of identifying a physical 
address or a logical address of each of the one or more identified sources. 

3. (Previously presented) The method as claimed in Claim 2 wherein the physical address 
information is a MAC address or the logical address information is an IP address. 

4. (Previously presented) The method as claimed in Claim 1 further comprising the step of 
including in at least one of the plurality of interconnection devices the capability for such 
interconnection devices to change directly their own signal transfer policies. 

5. (Previously presented) The method as claimed in Claim 4 further comprising the step of 
employing an intrusion detection device of the network system to perform the function of 
detecting the one or more intrusions, wherein the intrusion detection device is either a centralized 
network system device or a plurality of distributed network system devices. 

6. CANCELED. 

7. CANCELED. 

8. (Previously presented) The method as claimed in Claim 2 further comprising the step of 
identifying one or more of the plurality of interconnection devices associated with the one or 
more identified sources of the intrusions, including the step of determining the physical address, 
logical address, or both for each of the identified one or more interconnection devices. 

9. (Previously presented) The method as claimed in Claim 2 further comprising the step of 
verifying the identification of the identified one or more sources. 

10. (Previously presented) The method as claimed in Claim 1 wherein the step of selectively 
changing one or more signal transfer policies of one or more of the plurality of interconnection 
devices in response to the one or more detected intrusions includes the step of configuring the 
one or more interconnection devices to perform one or more functions selected from the group 
consisting of: blocking complete access to the network services by an identified source of a 
detected intrusion, blocking access by identified logical addresses only, blocking access by an 
identified access protocol only, limiting bandwidth, limiting exchanges to or from the one or 
more interconnection devices, to or from one or more other devices of the network system, or to 
or from any of the attached functions not identified as an intrusion source, and directing all 
signals exchanged by the identified sources to a honeypot, an intrusion detection device, a 
monitoring device, or a simulation device. 

11. (Previously presented) The method as claimed in Claim 1 wherein the step of selectively 
changing one or more signal transfer policies of one or more of the plurality of interconnection 
devices in response to the one or more detected intrusions includes the step of configuring the 
one or more interconnection devices to permit connectivity of an identified source of a detected 
intrusion while dampening the level of activity associated with the identified source to minimize 
network harm while permitting analysis and auditing of the identified source and the gathering of 
forensic evidence. 

12. (Previously presented) The method as claimed in Claim 1 wherein the step of selectively 
changing one or more signal transfer policies of one or more of the plurality of interconnection 
devices in response to the one or more detected intrusions includes the steps of first configuring a 
first set of the one or more interconnection devices with a first set of one or more policy changes, 
monitoring the network system for intrusions and, upon detection of one or more intrusions 
related to the intrusions causing the first one or more policy changes, configuring a second set of 
the one or more interconnection devices with a second set of one or more policy changes. 

13. (Previously presented) The method as claimed in Claim 12 wherein one or more of the one 
or more interconnection devices of the second set are interconnection devices of the first set. 

14. (Previously presented) The method as claimed in Claim 1 wherein the one or more 
interconnection devices are network entry devices. 

15. (Currently amended) The method as claimed in Claim 2 wherein the one or more policy 
changes are configured on one or more ports of one or more of the interconnection devices 
associated with the identified one or more sources [[signal-transferring devices]]. 

Claims 16-27: CANCELED. 

28. (Previously presented) The method as claimed in Claim 1 further comprising the steps of: 

a. identifying one or more sources of the intrusions, including the step of identifying 
a physical address or a logical address of each of the one or more identified 
sources; and 

b. identifying one or more network entry devices of the plurality of interconnection 
devices locally connecting the one or more identified sources of the intrusions to 
the network system, including the step of determining the physical address, 
logical address, or both for each of the identified one or more network entry 
devices. 

29. (Previously presented) The method as claimed in Claim 28 further comprising the step of 
verifying the identification of the identified one or more sources. 

30. (Currently amended) A network system including a plurality of attached functions, and 
the network system including the capability to respond to intrusions thereof, the network system 
comprising: 

a. an intrusion detection function for identifying one or more sources of one or more 
intrusions of the network system; 

b. a plurality of interconnection devices for transferring signals through the network 
system, wherein each of the plurality of interconnection devices includes one or 
more signal transfer policies, and 

c. a function of a policy enforcement module to change selectively the signal 
transfer policies of one or more of the plurality of interconnection devices in 
response to the one or more detected intrusions, 

wherein at least one of the plurality of interconnection devices excludes the policy 
enforcement module [[there is no common agent framework distributed among the 
plurality of interconnection devices to establish therein either or both of the intrusion 
detection function and the]] function to change selectively its own signal transfer 
policies. 

31. (Withdrawn) The network system as claimed in Claim 30, wherein at least one of the 
interconnection devices has no intrusion detection function and wherein the signal transfer 
policies of that at least one of the plurality of interconnection devices cannot be changed in 
response to the one or more detected intrusions. 

32. (Previously presented) The network system as claimed in Claim 30, wherein at least one 
of the plurality of interconnection devices includes the function to change directly its own signal 
transfer policies. 

33. (Previously presented) The network system as claimed in Claim 30 further comprising a 
directory service function for receiving address information for the attached functions and the 
interconnection devices. 

34. (Previously presented) The network system as claimed in Claim 33 further comprising a 
policy manager function for configuring the plurality of interconnection devices with the signal 
transfer policies. 

35. (Previously presented) The network system as claimed in Claim 34 further comprising a 
policy decision function configured: 

a. to receive detected intrusion information from the intrusion detection function; 

b. to receive information from the directory service function; 

c. to evaluate whether a policy change or changes is or are required on one or more 
of the interconnection devices in response to the detected intrusion information; 
and 

d. to direct the policy manager function to configure one or more of the plurality of 
interconnection devices with determined policy changes upon deciding to do so 
based upon the evaluation. 

36. (Previously presented) The network system as claimed in Claim 35 wherein the policy 
manager function and the policy decision function are part of a centralized server. 

37. (Previously presented) The network system as claimed in Claim 36 wherein the directory 
service function is part of the central server. 

38. (Previously presented) The network system as claimed in Claim 30 wherein the intrusion 
detection function is a centralized intrusion detection function or a distributed intrusion detection 
function. 

39. (Previously presented) The network system as claimed in Claim 30 wherein the one or 
more of the plurality of interconnection devices selected for signal transfer policies changes are 
network entry devices selected based on their local connection to the one or more sources of the 
one or more intrusions. 

40. (Previously presented) The network system as claimed in Claim 30 further comprising a 
network management system for identifying address information for the plurality of 
interconnection devices. 

41. (Previously presented) The network system as claimed in Claim 30 further comprising a 
function to validate the accuracy of the identity of the identified one or more sources including a 
logical address, a physical address, or a location. 